ietf-smime

Re: Signature processing question

2000-10-25 02:11:10
Hello,

As implementing S/MIMEv2/v3, my interpretation is that S/MIMEv3 (CMS) now
uses PKCS#1 RSA based signature algorithms (making the DigestInfo wrapping
itself) for RSA based signature creation. So -- for RSA signatures -- the
DigestInfo wrapping still is done and the signature creation process is
compatible with S/MIMEv2.

S/MIMEv2 (PKCS#7v1.5) uses the RSA encryption method and does the DigestInfo
wrapping outside (and therefore may not be used for, e.g., DSA).

Hope this interpretation is right.

Regards,
Dieter Bratko

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Magnus Svensson
Sent: Wednesday, 25 October 2000 09:18
To: ietf-smime(_at_)imc(_dot_)org
Subject: Signature processing question


I have a question regarding interoperability between S/MIME v2 and v3
agents. After carefully reading through RFC2315 and RFC2630 I found a
strange difference in the signature generation process for S/MIME v2 & v3.
It seems to me that the signature in v2 is generated over the digest
algorithm identifier + message digest while in v3 only over the message
digest. Below is a reference to the RFCs:

S/MIME v2:
In PKCS#7 (RFC 2315), page 16, sec9.4 states:
"The input to the digest-encryption process--the value supplied to the
signer's digest-encryption algorithm--includes the result of the
message-digesting process (informally, the "message digest") and the digest
algorithm identifier (or object identifier). The result of the
digest-encryption process is the encryption with the signer's private key of
the BER encoding of a value of type DigestInfo:"

S/MIME v3:
In CMS (RFC2630), page 12, sec5.5 states:
"The input to the signature generation process includes the result of the
message digest calculation process and the signer's private key.
The details of the signature generation depend on the signature algorithm
employed.  The object identifier, along with any
parameters, that specifies the signature algorithm employed by the signer is
carried in the signatureAlgorithm field."

Am I missing something or is it true that the signature processing differs?
Let's hope I am wrong, otherwise that would mean:
- There is no way a v2 MUA can verify the signature generated by a v3 MUA.
- In order to be v2 compatible, a v3 MUA must try both signature processing
techniques.

If the above statements are correct, should not the CMS specification
clarify that this is a backwards incompatible change from PKCS#7?
Any help to clarify things in this matter is greatly appreciated.

Regards,
Magnus Svensson
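
Added example, not part of either message: a Python sketch of the two descriptions discussed above for RSA with SHA-1, showing that building DigestInfo in the caller (RFC 2315 wording) and letting a PKCS#1 v1.5 signature primitive build it (RFC 2630 wording) feed the same block to the private-key operation. The toy key (two Mersenne primes), the function names and the sample message are constructed for illustration and are not secure or taken from the thread.

```python
import hashlib

# DER header of a SHA-1 DigestInfo (AlgorithmIdentifier + OCTET STRING tag/length).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed toy key built from two Mersenne primes: illustration only, not secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def pad_type1(data: bytes) -> bytes:
    """PKCS#1 v1.5 block type 01: 00 01 FF..FF 00 || data."""
    return b"\x00\x01" + b"\xff" * (K - len(data) - 3) + b"\x00" + data

def rsa_private(block: bytes) -> bytes:
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")

def sign_pkcs7_style(message: bytes) -> bytes:
    """RFC 2315 view: the caller builds DigestInfo, then 'encrypts' it with the private key."""
    digest_info = SHA1_PREFIX + hashlib.sha1(message).digest()
    return rsa_private(pad_type1(digest_info))

def pkcs1_v15_sign(digest: bytes) -> bytes:
    """PKCS#1 v1.5 signature primitive: wraps the digest in DigestInfo itself."""
    return rsa_private(pad_type1(SHA1_PREFIX + digest))

def sign_cms_style(message: bytes) -> bytes:
    """RFC 2630 view: the caller hands only the digest to the signature algorithm."""
    return pkcs1_v15_sign(hashlib.sha1(message).digest())

def recover_digest_info(signature: bytes) -> bytes:
    """Verifier side: public-key operation, strict padding check, return DigestInfo."""
    block = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    sep = block.find(b"\x00", 2)
    if block[:2] != b"\x00\x01" or sep < 10 or set(block[2:sep]) != {0xFF}:
        raise ValueError("bad PKCS#1 v1.5 type 01 padding")
    return block[sep + 1:]

if __name__ == "__main__":
    msg = b"constructed sample content"
    v2, v3 = sign_pkcs7_style(msg), sign_cms_style(msg)
    print("identical signatures:", v2 == v3)
    print("recovered DigestInfo:", recover_digest_info(v3).hex())
```

A verifier should compare the recovered DigestInfo byte for byte with the one it computes itself, so that a signature made over the bare digest is rejected rather than accepted.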



